ORACLE8i document, part 24 (docx)

DOCUMENT INFORMATION

Basic information

Title: Oracle8i Supplied Packages
School: Sybex, Inc.
Field: Database Management
Type: Book
Year published: 2002
City: Alameda
Pages: 40
Size: 438.2 KB

Contents


CHAPTER 20 • ORACLE8i SUPPLIED PACKAGES

... 5 indicates that every 5 units of that 1440 increment (or every 5 minutes), the job will execute. In the examples in Listings 20.1 and 20.2, the jobs are set up to run every hour. Listing 20.3 shows an example of creating a job that will run every minute.

Listing 20.3: Running a Job at 1-Minute Intervals

    BEGIN
      DBMS_JOB.SUBMIT(job       => :job_num,
                      what      => 'run_job;',
                      -- the listing is cut off here in the source; the remaining
                      -- parameters are reconstructed from the surrounding text
                      -- (start now, then run every minute)
                      next_date => SYSDATE,
                      interval  => 'SYSDATE + 1/1440');
      COMMIT;
    END;
    /

Listing 20.4: Changing a Job Interval

    BEGIN
      DBMS_JOB.CHANGE(job       => 6,
                      what      => NULL,
                      next_date => NULL,
                      interval  => 'SYSDATE + 1/1440');
      COMMIT;
    END;
    /

Trang 2

Notice the NULL values passed to the WHAT and NEXT_DATE parameters in this example. Because there are no default values for these parameters, they must be given some value when running the procedure. Since NULL values are passed to these parameters, no changes will be made to their settings.

As another example, suppose that you want to have the next job execution occur in three days. Listing 20.5 shows how you could accomplish this modification.

Listing 20.5: Changing a Job's Time of Execution

    BEGIN
      DBMS_JOB.CHANGE(job       => 6,
                      what      => NULL,
                      next_date => SYSDATE + 3,
                      interval  => NULL);
      COMMIT;
    END;
    /

Suspending or Removing a Job

If you wish to suspend the execution of a job, use the DBMS_JOB.BROKEN procedure. You can also use this procedure to restart the execution of a job. Here is an example of breaking a job:

    EXEC dbms_job.broken(6,TRUE);

In this case, job 6 will be broken after this statement is executed. The first parameter is obviously the job number. The second parameter is a Boolean value (TRUE/FALSE) that indicates if the job is broken (TRUE) or not (FALSE).

If you wish to unbreak a job, issue the same call with FALSE as the second parameter:

    EXEC dbms_job.broken(6,FALSE);

Monitoring the Job Scheduler

The DBA_JOBS (and the USER_ and ALL_ varieties as well) data dictionary view provides a great deal of information about the various jobs in the job queue. The information includes when the job last ran, when it is scheduled to run again, what the job is, how many errors have occurred when the job has tried to run previously, and

SCHEDULING JOBS WITH THE JOB SCHEDULER | Beyond Simple Database Management | PART III


... should contain the job)

LAST_DATE   The last date that the job was successfully run

THIS_DATE   If the job is executing, this column will be populated; if the job is not executing, this column will be NULL (can be used to determine how long a job has been running)

NEXT_DATE   The next execution date for the job

TOTAL_TIME  The overall time that the system has spent on the job

BROKEN      Indicates if the job is broken (which means it will not be scheduled for execution)

FAILURES    Indicates how many times this job has failed since its last success (16 successive failures will cause the job to become broken)

Here is an example of querying the DBA_JOBS view and its results:

    SELECT job, what,
           TO_CHAR(last_date, 'mm/dd/yyyy hh24:mi:ss') last_date,
           TO_CHAR(next_date, 'mm/dd/yyyy hh24:mi:ss') next_date,
           failures, broken
      FROM dba_jobs;

    JOB WHAT                      LAST_DATE           NEXT_DATE           FAILURES B
    --- ------------------------- ------------------- ------------------- -------- -
      1 begin my_procedure; end;  06/16/2001 13:31:53 06/16/2001 13:36:53        0 N

The results show a procedure called MY_PROCEDURE that is scheduled to run. It last ran on June 16 at 1:31 P.M., and it's ready to go again at 1:36 P.M. on the same day. No failures appear to have occurred with the execution of this job, and it's not broken.
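As an added example (not from the book), here is how a DBA can turn the DBA_JOBS columns above into a routine check: the query reports every job's owner, WHAT text and health, and the block marks jobs that keep failing as broken before the 16-failure automatic break, so they stop consuming a job-queue process until someone has reviewed them. The threshold of 3 and the LOG_USER filter are constructed; the filter assumes DBMS_JOB lets a session alter only the jobs it submitted.

```sql
SET SERVEROUTPUT ON

-- 1. Health report: owner, what runs, when it ran, when it runs next.
SELECT job,
       log_user,                                   -- who submitted the job
       SUBSTR(what, 1, 40)                         what,
       TO_CHAR(last_date, 'mm/dd/yyyy hh24:mi:ss') last_date,
       TO_CHAR(next_date, 'mm/dd/yyyy hh24:mi:ss') next_date,
       interval,
       failures,
       broken
  FROM dba_jobs
 ORDER BY broken DESC, failures DESC, job;

-- 2. Break jobs that have failed repeatedly (threshold is constructed),
--    so a misbehaving job stops running while its WHAT text is reviewed.
DECLARE
  c_threshold CONSTANT PLS_INTEGER := 3;
  v_count     PLS_INTEGER := 0;
BEGIN
  FOR r IN (SELECT job, what, failures
              FROM dba_jobs
             WHERE broken = 'N'
               AND failures >= c_threshold
               -- assumption: DBMS_JOB only lets a session alter its own jobs
               AND log_user = USER)
  LOOP
    DBMS_JOB.BROKEN(job => r.job, broken => TRUE);
    v_count := v_count + 1;
    -- DBMS_OUTPUT lines are limited to 255 bytes in Oracle8i, so trim WHAT
    DBMS_OUTPUT.PUT_LINE('Job ' || r.job || ' (' || SUBSTR(r.what, 1, 60)
                         || ') marked broken after ' || r.failures
                         || ' failures.');
  END LOOP;
  COMMIT;
  DBMS_OUTPUT.PUT_LINE(v_count || ' job(s) marked broken.');
END;
/

-- 3. Once the cause is fixed, unbreak a job and give it a fresh start time
--    in the same call (job 6 as in Listing 20.4, one minute from now).
EXEC dbms_job.broken(6, FALSE, SYSDATE + 1/1440);
```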


Communicating through Pipes

The DBMS_PIPE package allows two or more sessions of an Oracle instance to communicate with each other. When the pipe is established, an area in the SGA is allocated for that pipe. Other sessions can attach to that area of shared memory, and then pass messages back and forth. Because all messaging is done through the SGA, be aware that all messages sent through pipes will be lost once the instance is shut down.

NOTE Oracle's Advanced Queuing feature provides for persistency of messages. See Oracle's documentation for information about Advanced Queuing.

The DBMS_PIPE package is very handy when you wish to perform real-time communications between Oracle sessions. For example, you might want to monitor the operation of multiple threads. You could establish a pipe between the running processes and an application that you have written to monitor those processes. You can also use a pipe for debugging triggers and stored PL/SQL code.

There are two different kinds of pipes in Oracle: public pipes and private pipes. Let's look at each of these types in a bit more detail.

Using Public Pipes

Public pipes are asynchronous in nature, and any user who has access to the pipe can read or write to that pipe through the DBMS_PIPE package (as long as they have EXECUTE privileges to the package). Once a user reads from the pipe, the message is removed from the pipe. Therefore, there is a risk that the user you intended the message for in the public pipe will never receive that message.

Public pipes can be created either implicitly or explicitly. An implicit public pipe is created automatically the first time it is referenced, and no specific creation procedure is required. An explicit public pipe is created by calling the CREATE_PIPE function and setting the private pipe type flag to N. You must de-allocate an explicitly created pipe with the REMOVE_PIPE function.

Using Private Pipes

Access to private pipes is much more restricted than access to implicit public pipes. Any session that wishes to connect to the private pipe created by your session must be logged in using the same user ID as the session that created the pipe (or as SYSDBA or INTERNAL). Also, you can access the pipe through stored procedures that are running under the same user domain authorization as the creator of the pipe.

A private pipe is created by using the CREATE_PIPE function. The pipe is defined as a private pipe if the private pipe type flag is set to Y; there are no implicit private pipes. The name of the private pipe to be created cannot be the same as the name of any other existing private or public pipe. Like public pipes, private pipes are de-allocated by using the REMOVE_PIPE function.

Sending and Receiving Messages

You send and retrieve messages through the public and private pipes in the same fashion. To make pipes work, you first need a sending side and a receiving side session on the same database. The sending side will establish the pipe, using either a private or public pipe (the public pipe can be an implicit pipe or an explicitly named pipe).

Sending a Message through a Pipe

If you wish to use an explicitly named pipe, use the DBMS_PIPE.CREATE_PIPE function. After creating the pipe (or not, if you are using a public implicit pipe), the next step is to pack the message with the DBMS_PIPE.PACK_MESSAGE procedure. If you are using an implicit pipe, it will be created when you pack it. Finally, once the message has been packaged, you will send the message through the pipe with the DBMS_PIPE.SEND_MESSAGE function. Listing 20.6 provides an example of sending a message through a pipe.

NOTE Listing 20.6 and Listing 20.7 (presented in the next section) are designed to run together. Listing 20.6 provides one side of the pipe (the sending side), and Listing 20.7 provides the other side of the pipe (the receiving side). To see the results of these examples, you would run Listing 20.7 first to set up the receiving side, and then run Listing 20.6 to send the message. Make sure to issue the SET SERVEROUTPUT ON command, as shown in these examples, or you will not see the output.

Listing 20.6: Setting Up the Sending Side of a Pipe

    SET SERVEROUTPUT ON
    DECLARE
      v_pipe_name    VARCHAR2(30) := 'mypipe';
      v_pipe_message VARCHAR2(8192);
      v_return       NUMBER;
    BEGIN
      dbms_output.put_line('Sending the message through the pipe!');
      -- Call dbms_pipe.create_pipe to create an explicit pipe.
      -- This will be a public pipe by default.
      v_return := dbms_pipe.create_pipe(pipename => v_pipe_name, private => FALSE);
      IF v_return = 0 THEN
        dbms_output.put_line('Pipe Open.');
      ELSE
        dbms_output.put_line('error opening pipe.');
      END IF;
      -- Now, let's create a message to send through the pipe.
      v_pipe_message := 'Do, or do not, there is no try.';
      dbms_pipe.pack_message(v_pipe_message);
      -- Now, send the message through the pipe.
      -- Wait only 60 seconds.
      v_return := dbms_pipe.send_message(v_pipe_name, 60);
      IF v_return = 0 THEN
        dbms_output.put_line('Message Sent.');
      ELSE
        dbms_output.put_line('error sending message.');
      END IF;
      -- Our work is done.
      v_return := dbms_pipe.remove_pipe(v_pipe_name);
      IF v_return = 0 THEN
        dbms_output.put_line('Pipe Closed.');
      ELSE
        dbms_output.put_line('error closing pipe.');
      END IF;
    END;
    /

Here is the output from the sending session:

    Sending the message through the pipe!
    Message Sent
    Pipe Closed
    PL/SQL procedure successfully completed

Receiving a Message through a Pipe

On the receiving side, things work pretty much in the reverse. First, you can explicitly open the pipe with the CREATE_PIPE function, or you can choose to use an implicit pipe if you are going to be reading a public pipe. Then you use the DBMS_PIPE stored function RECEIVE_MESSAGE to receive a message from the pipe. After receiving the message, you can use DBMS_PIPE.UNPACK_MESSAGE to unpack the message from the pipe. When you're finished with the pipes, use the DBMS_PIPE.REMOVE_PIPE function to remove them. Listing 20.7 provides an example of receiving a message from a pipe.

Listing 20.7: Setting Up the Receiving Side of a Pipe

    SET SERVEROUTPUT ON
    DECLARE
      v_pipe_name    VARCHAR2(30) := 'mypipe';
      v_pipe_message VARCHAR2(8192);
      v_return       NUMBER;
    BEGIN
      dbms_output.put_line('Receiving the message through the pipe!');
      -- Call dbms_pipe.create_pipe to create an explicit pipe.
      -- This will be a public pipe by default.
      v_return := dbms_pipe.create_pipe(pipename => v_pipe_name, private => FALSE);
      IF v_return = 0 THEN
        dbms_output.put_line('Pipe Open.');
      ELSE
        dbms_output.put_line('error opening pipe.');
      END IF;
      -- Now, receive the message from the pipe.
      -- Wait only 60 seconds.
      v_return := dbms_pipe.receive_message(v_pipe_name, 60);
      IF v_return = 0 THEN
        dbms_output.put_line('received the message through the pipe!');
      ELSE
        dbms_output.put_line('error receiving the message through the pipe!');
      END IF;
      -- Now, unpack the message.
      dbms_pipe.unpack_message(v_pipe_message);
      -- What was the message?
      dbms_output.put_line('The message was: ' || v_pipe_message);
      -- Our work is done.
      v_return := dbms_pipe.remove_pipe(v_pipe_name);
      IF v_return = 0 THEN
        dbms_output.put_line('Pipe Removed.');
      ELSE
        dbms_output.put_line('error removing pipe.');
      END IF;
    END;
    /

Here is the output from the receiving session:

    Receiving the message through the pipe!
    Pipe Open
    received the message through the pipe!
    The message was: Do, or do not, there is no try
    Pipe Removed
    PL/SQL procedure successfully completed
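Listings 20.6 and 20.7 use a public pipe and a single string; the added example below (not from the book) shows the private-pipe variant the text describes but does not list, with a typed three-item message, a receive loop that distinguishes the RECEIVE_MESSAGE return codes, and a NEXT_ITEM_TYPE check before unpacking so that a message packed in the wrong layout is discarded instead of raising ORA-06559. The pipe name audit_pipe, the 120-second wait and the STOP sentinel are constructed; run the receiving block first in one session, then the sending block in a second session connected as the same user.

```sql
-- ---------- Receiving side: run first, in session 1 ----------
SET SERVEROUTPUT ON
DECLARE
  v_pipe    CONSTANT VARCHAR2(30) := 'audit_pipe';   -- constructed name
  v_rc      NUMBER;
  v_sender  VARCHAR2(30);
  v_sent_at DATE;
  v_text    VARCHAR2(4000);
BEGIN
  -- Explicit PRIVATE pipe: only sessions running as the creating user
  -- (or as SYSDBA/INTERNAL) can read or write it, unlike 'mypipe' above.
  v_rc := DBMS_PIPE.CREATE_PIPE(pipename => v_pipe, private => TRUE);
  DBMS_OUTPUT.PUT_LINE('create_pipe returned ' || v_rc);
  LOOP
    -- Block up to 120 seconds per message. Return codes:
    -- 0 = message received, 1 = timed out, 2 = record too large, 3 = interrupt.
    v_rc := DBMS_PIPE.RECEIVE_MESSAGE(v_pipe, 120);
    IF v_rc = 1 THEN
      DBMS_OUTPUT.PUT_LINE('no message within 120 s; stopping');
      EXIT;
    ELSIF v_rc <> 0 THEN
      DBMS_OUTPUT.PUT_LINE('receive failed, code ' || v_rc);
      EXIT;
    END IF;
    -- Check the layout before unpacking: NEXT_ITEM_TYPE reports the type of
    -- the next packed item (9 = VARCHAR2, 12 = DATE, 6 = NUMBER, 0 = none).
    IF DBMS_PIPE.NEXT_ITEM_TYPE <> 9 THEN
      DBMS_OUTPUT.PUT_LINE('unexpected message layout; discarded');
      DBMS_PIPE.RESET_BUFFER;          -- drop the local receive buffer
    ELSE
      DBMS_PIPE.UNPACK_MESSAGE(v_sender);
      DBMS_PIPE.UNPACK_MESSAGE(v_sent_at);
      DBMS_PIPE.UNPACK_MESSAGE(v_text);
      EXIT WHEN v_text = 'STOP';       -- sentinel agreed with the sender
      DBMS_OUTPUT.PUT_LINE(TO_CHAR(v_sent_at, 'hh24:mi:ss') || ' '
                           || v_sender || ': ' || v_text);
    END IF;
  END LOOP;
  v_rc := DBMS_PIPE.REMOVE_PIPE(v_pipe);
  DBMS_OUTPUT.PUT_LINE('remove_pipe returned ' || v_rc);
END;
/

-- ---------- Sending side: run second, in session 2 as the SAME user ----------
DECLARE
  v_pipe CONSTANT VARCHAR2(30) := 'audit_pipe';
  v_rc   NUMBER;

  -- Pack three typed items and send them as one message.
  PROCEDURE send(p_text IN VARCHAR2) IS
  BEGIN
    DBMS_PIPE.PACK_MESSAGE(USER);       -- VARCHAR2: who is sending
    DBMS_PIPE.PACK_MESSAGE(SYSDATE);    -- DATE: when it was sent
    DBMS_PIPE.PACK_MESSAGE(p_text);     -- VARCHAR2: the payload
    v_rc := DBMS_PIPE.SEND_MESSAGE(v_pipe, 10);   -- wait at most 10 s
    IF v_rc <> 0 THEN
      -- 1 = timed out (pipe full or nobody reading), 3 = interrupt
      RAISE_APPLICATION_ERROR(-20001, 'send failed, code ' || v_rc);
    END IF;
  END send;
BEGIN
  send('Do, or do not, there is no try.');
  send('Pipe messages live in the SGA and vanish at instance shutdown.');
  send('STOP');
END;
/
```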

We have covered just a few of the many Oracle stored procedures that can simplify the Oracle DBA's life. Packages such as DBMS_DDL, DBMS_LOB, DBMS_OUTPUT, and DBMS_UTILITY can be very helpful to the DBA. As described earlier in this chapter, you can use the DESC command from SQL*Plus to see the procedures and functions in any of the Oracle-supplied packages.


CHAPTER 21

Oracle8i Database Security

FEATURING:
  Managing Oracle user accounts  928
  Enforcing row-level security  950
  Enforcing column-level security  968


A primary responsibility of DBAs is to ensure that the data under their watchful eyes is protected from both accidental loss and deliberate acts of sabotage. One of the main ways to control access to a database is through user accounts. For more advanced database security, you can control access to portions of data in a table. One way to enforce row-level security is provided through Oracle8i's virtual private database feature (also known as fine-grained access control). You can also encrypt data within the database itself. Other Oracle security solutions include securing the network and the system the database is on itself (using the Oracle Security Server).

This chapter covers some of the techniques that you can use to secure your database. We describe managing user accounts and authentication, including setting up profiles and roles. Then we cover Oracle's features for providing row-level and column-level security.

Managing Oracle User Accounts

In Oracle, you can set up various forms of authentication for your users. After you have defined users, you can assign profiles to them, grant and revoke privileges, and create roles for ease of management.

One step you can take to provide some extra protection for your database is to set up password file authentication. Let's see how that is done, and then move on to the procedures for setting up and managing user accounts, profiles, and roles.

NOTE There is a subtle, but distinct, difference between the terms schema and user in Oracle. A user in Oracle is the person who signs into the database. Passwords and security grants to objects are associated with users. A schema is what owns the objects that are created by a given user. A schema can own objects created by the user that owns the schema, or the schema may own objects that are created by a different database user.

Setting Up Password File Authentication

By default, access to Oracle administration privileges is validated at the operating system level. The method of validation varies by operating system. For example, on Unix systems, this validation is based on the username and if the user is a member of a specific Unix group, typically called DBA. Thus, if your account is a member of the DBA group in Unix, you will be able to administer the database (through Server Manager or SQL*Plus, for example).

It should be obvious that this form of validation is a potential security hole. To plug it, you can change the default behavior and instead authenticate access to highly privileged database accounts regardless of the operating system user account that is being used. This is facilitated through the use of a password file. The password file is designed to provide an additional level of security for privileged Oracle accounts.

While using the password file is optional in many cases, you must set up password file authentication if you wish to use certain Oracle utilities (such as RMAN in Oracle 8.1.7) to manage the database. Also, some Oracle Enterprise Manager functions require password file authentication to be in place.

To use password file authentication for privileged database user accounts, you must first create the password file. Then you need to set up the database so that it knows it should use that password file.

Creating the Password File

To create the password file in Oracle8i, use the ORAPWD program (this program's name may be different on different platforms, but it is the same on Unix and NT systems in Oracle8i). The ORAPWD program takes three parameters; two are required and the third is optional. To see these parameters, just run ORAPWD by itself:

    D:\ORACLE\ORA816\BIN>orapwd
    Usage: orapwd file=<fname> password=<password> entries=<users>

      where
        file - name of password file (mand),
        password - password for SYS and INTERNAL (mand),
        entries - maximum number of distinct DBA and OPERs (opt),
      There are no spaces around the equal-to (=) character.

As you can see, the first parameter is the name of the password file. The password file takes a standard naming convention: <sid>pwd.ora, where <sid> is the name of the database. Thus, for my database named ROBERT, my password file is called robertpwd.ora. The default location for the password file varies by operating system. On NT systems, the password file is located in $ORACLE_HOME\database. On Unix systems, it's in $ORACLE_HOME/dbs.

NOTE On many systems, the location of the password file (and even its name) can be changed by altering your system environment. Check your operating system documentation for more information about defining alternate paths for your password file.


The next parameter of the ORAPWD command is the password for the SYS and INTERNAL account. This is the password you will use when logging in to the database using SYS or CONNECT INTERNAL (or / AS SYSDBA).

The final, optional, parameter of the ORAPWD command is the number of entries for additional privileged users who will be granted SYSDBA or SYSOPER privileges. If you use the default value, Oracle will store enough entries to fill one database block. The default generally is around four entries for a 512KB operating system block size. The actual number of entries will likely be greater than that number, since Oracle will fill the entire operating system block. Using the ENTRIES parameter, you can define a larger number of privileged users.

Here is an example of creating a password file:

    D:\ORACLE\ORA816\BIN>orapwd file=testpwd.ora password=robert entries=10

    D:\ORACLE\ORA816\BIN>dir testpwd.ora
     Volume in drive D has no label
     Volume Serial Number is 3C0E-D639

     Directory of D:\ORACLE\ORA816\BIN

Setting Up the Database to Use the Password File

After you've created the password file, the only other setup required to use password file authentication is to change a single database parameter. This is the REMOTE_LOGIN_PASSWORDFILE parameter, which is set to None by default (indicating that privileged database access is authenticated by the operating system). To enable password file authentication, change this parameter to either of the following settings:

• If you set REMOTE_LOGIN_PASSWORDFILE to Exclusive, the password file is not shared. In this mode, the password file is used by only one database, and it may contain passwords for users other than SYS and INTERNAL.

• If you set this parameter to Shared, the password file is shared by many databases. The main restriction is that this password file can contain only the passwords for SYS and INTERNAL logons, so this setting is less useful than Exclusive.

Once you've altered the parameter, you will need to take down the database and bring it back up again before the change will take effect. Once you've completed this final step, the database and highly privileged accounts will be database authenticated instead of operating system authenticated.

Creating User Accounts

When you create a user account in Oracle, using the CREATE USER command, you also define the way that the user's access to the database is authenticated. When the user is authenticated, the user account name is verified, the password (if one is used) is validated, and the username's security privileges are checked. If all of these validations succeed, the user is signed in.

... month) provides for network authentication, using various external authentication protocols, as well as global user authentication. Global users are users defined within a centralized enterprise directory, and access to databases is controlled via that directory using SSL. Also, multitier authentication and authorization can occur when users connect to the database through a proxy server. OCI provides calls that support this type of authentication.

Creating Database-Authenticated Users

For increased security, you can have the database validate and authenticate the usersigning in An example of creating this type of user account is shown in Listing 21.1

Listing 21.1: Creating a Database-Authenticated User Account

    CREATE USER chris IDENTIFIED BY carter
      DEFAULT TABLESPACE users
      TEMPORARY TABLESPACE temp
      QUOTA UNLIMITED ON users;

Let's take a closer look at the settings for a user account:

Username  Listing 21.1 creates a user named Chris. Usernames are not case sensitive. There are a few restrictions on usernames. First, a username cannot be longer than 30 bytes. A username can contain only alphanumeric characters from your character set and the following special characters: _, $, and #. Also, a username cannot be a reserved word (such as CREATE). Finally, as you might suspect, you cannot duplicate usernames in the same database.


Password  The IDENTIFIED BY clause indicates the password you are assigning to the user. A password is mandatory for a database-authenticated user. In Listing 21.1, the password for the Chris account is Carter. Passwords are not case sensitive.

Default tablespace  The DEFAULT TABLESPACE clause assigns the user's default tablespace. In Listing 21.1, Chris is assigned a default tablespace of USERS. This means that any objects that Chris creates will be created in the USERS tablespace by default. If you don't define a default tablespace, Oracle will assign the default tablespace as the SYSTEM tablespace. So, be sure to assign a default tablespace other than SYSTEM!

Temporary tablespace  The TEMPORARY TABLESPACE clause indicates the user's temporary tablespace, which is TEMP in Listing 21.1. This means that all temporary segments (created during sorting or when using global temporary tables for user Chris) will be created in the TEMP tablespace. As with the default tablespace, the default for the temporary tablespace setting is the SYSTEM tablespace, so you will want to make sure that you define another temporary tablespace when creating a user.

... tablespace as its default tablespace or temporary tablespace. After you create a database, you should even change the default and temporary tablespace for the SYSTEM account! (Generally, we do not change the SYS default tablespace account assignment.)

Quota  In the final line in Listing 21.1, you see that the user is assigned an UNLIMITED quota on the USERS tablespace. The QUOTA clause allows you to control how much space the user can use in a given tablespace. By default, all tablespaces (except those defined as a temporary tablespace) are assigned a quota of 0. Thus, if you want a user to be able to use a tablespace, you must allocate a quota to the tablespace for that user (unless you grant the user a role with unlimited tablespace usage).

Creating Operating System-Authenticated Users

You might create an operating system-authenticated user account for databases where security is not an issue, so letting the operating system authenticate the user is sufficient to allow database access. In these cases, the user account on the operating system and the database user account will be the same name.


By default, Oracle disables operating system authentication. You can enable use of operating system authentication by setting the database parameter REMOTE_OS_AUTHENT to TRUE (it defaults to FALSE) in the database's init.ora file.

Often, administrators will define a prefix for operating system-authenticated account names to indicate that the accounts are externally identified accounts. In Oracle8i, you can define this prefix name through the OS_AUTHENT_PREFIX parameter (which typically defaults to ops$) in the init.ora file.

... threat. If hackers who know your naming schema for remotely authenticated users are able to gain access to your system, all they need to do is find out which users have the prefix, and they will know they can easily circumvent database security. We strongly recommend against using operating system authentication in your database.

Creating an operating system-authenticated user is much like creating a database-authenticated user. The only difference is that you replace the IDENTIFIED BY <password> clause with the IDENTIFIED EXTERNALLY clause. Listing 21.2 provides an example of creating a user who is authenticated via the operating system.

Listing 21.2: Creating an Operating System-Authenticated User Account

    CREATE USER user$chris IDENTIFIED EXTERNALLY
      DEFAULT TABLESPACE users
      TEMPORARY TABLESPACE temp
      QUOTA UNLIMITED ON users;

In this example, the username is given the user$ prefix (so the OS_AUTHENT_PREFIX parameter must also be set to user$). The default tablespace, temporary tablespace, and quota settings are the same as those in Listing 21.1, described in the previous section.

Privileged Users

Privileged users are those users who can perform special database activities, such as starting up and shutting down the database. In Oracle 8i, the SYSDBA and SYSOPER privileges supersede the INTERNAL user and its privileges (and, in fact, INTERNAL will be done away with in Oracle 9i). By default, SYS is not a privileged user, unless you are signing in as SYS using SYSDBA.

The SYSDBA privilege is assigned to a user account and gives that account the same privileges that the INTERNAL account has. The SYSDBA privilege encompasses all system privileges, including ADMIN OPTION, which allows granting system privileges to other users. SYSDBA basically allows any database administration activity to take place, so take care when you grant this privilege.

The SYSOPER privilege is assigned to a user account that will perform specific types of database operational activities. SYSOPER can issue the following commands: STARTUP, SHUTDOWN, ALTER DATABASE OPEN/MOUNT, ALTER DATABASE BACKUP, ALTER TABLESPACE BEGIN/END BACKUP, ARCHIVE LOG, and RECOVER. Also, SYSOPER has the RESTRICTED SESSION privilege.

NOTE If you are using operating system authentication for users, you will not need to grant SYSDBA or SYSOPER privileges to any account. This discussion applies only to database authentication of privileged user accounts.

Logging On as a Privileged User

When logging on, users with the SYSDBA or SYSOPER privilege must indicate that they wish to log on with that privilege. To do so, they include the string AS SYSDBA (or AS SYSOPER) in their logon string. For example, with my username Robert, I would connect using the following connect string:

    CONNECT robert as sysdba

In some cases, such as at the SQL*Plus command line or when using the EXP and IMP utilities, you will need to include the ID and privilege in double quotation marks, as in this example:

    D:\ORACLE\admin\recover>sqlplus "robert as sysdba"

    SQL*Plus: Release 8.1.6.0.0 - Production on Sun May 27 22:34:45 2001

    (c) Copyright 1999 Oracle Corporation. All rights reserved.

    <logon> ::= <username>[/<password>][@<connect_string>] | / | /NOLOG
    <start> ::= @<filename>[.<ext>] [<parameter> ]
    "-" displays the usage syntax
    "-?" displays the SQL*Plus version banner
    "-M <o>" uses HTML markup options <o>
    "-R <n>" uses restricted mode <n>
    "-S" uses silent mode

If you attempt to sign into an account as SYSDBA or SYSOPER, Oracle will not generate an error as long as you use the correct password. However, if you try to execute a privileged action (such as shutting down the database), Oracle will generate an error indicating that you have insufficient privileges.

Viewing Privileged Users

If you are using database authentication, you can determine who is assigned the status of a privileged user using the V$PWFILE_USERS view. Here is a description of the view and an example of a query to list privileged users:

    SQL> DESC v$pwfile_users;
     Name             Null?    Type
     ---------------- -------- ------------
     USERNAME                  VARCHAR2(30)
     SYSDBA                    VARCHAR2(5)
     SYSOPER                   VARCHAR2(5)

    SQL> SELECT * FROM v$pwfile_users;

    USERNAME   SYSDB SYSOP
    ---------- ----- -----
    INTERNAL   TRUE  TRUE
    SYS        TRUE  TRUE
    ROBERT     TRUE  FALSE
    DODO       FALSE TRUE

NOTE Not all database users will appear on this report. You will see only those users with privileged status (assigned to SYSDBA or SYSOPER).

In this example, you see that INTERNAL and SYS are both assigned SYSDBA and SYSOPER privileges. The ROBERT account is assigned SYSDBA privileges, but not SYSOPER, and the DODO account is assigned SYSOPER but not SYSDBA privileges.


Notice that the SYSTEM account does not appear in this listing. This is because it is not, by default, set up to be a privileged account.

If you are using operating system authentication, you will need to determine who is assigned to the specific group for privileged users, such as the DBA group in Unix. Then use your operating system's procedures to view the group's members.
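As an added example (not from the book) that ties the privileged-user view to the operating-system-authentication warning earlier in this section: the queries below list every SYSDBA/SYSOPER holder together with the state of its account, show whether REMOTE_OS_AUTHENT and OS_AUTHENT_PREFIX are in play, list every account the database does not authenticate itself, and generate (but by default do not run) the ALTER USER statements that would lock those accounts. It assumes a SYSDBA connection; the views and parameters are standard Oracle8i, the c_apply switch and the output labels are constructed.

```sql
SET SERVEROUTPUT ON
SET LINESIZE 120
SET PAGESIZE 50

-- 1. Who holds SYSDBA/SYSOPER, with the state of the matching account.
--    Oracle8i has no ANSI JOIN syntax, hence the (+) outer join; INTERNAL
--    has no DBA_USERS row and is labelled as such.
SELECT p.username,
       p.sysdba,
       p.sysoper,
       NVL(u.account_status, 'no DBA_USERS row') account_status,
       u.profile
  FROM v$pwfile_users p, dba_users u
 WHERE u.username (+) = p.username
 ORDER BY p.username;

-- 2. Is operating system authentication switched on, which prefix marks
--    those accounts, and is the password file in use at all?
SELECT name, value
  FROM v$parameter
 WHERE name IN ('remote_os_authent', 'os_authent_prefix',
                'remote_login_passwordfile');

-- 3. Accounts the database does not authenticate itself: in Oracle8i
--    DBA_USERS.PASSWORD reads EXTERNAL for users created IDENTIFIED EXTERNALLY.
SELECT username, account_status, created
  FROM dba_users
 WHERE password = 'EXTERNAL'
 ORDER BY username;

-- 4. Lock those accounts until each has been converted to a database
--    password. c_apply is a constructed safety switch: FALSE only prints
--    the statements for review, TRUE executes them.
DECLARE
  c_apply CONSTANT BOOLEAN := FALSE;
  v_stmt  VARCHAR2(200);
BEGIN
  FOR r IN (SELECT username FROM dba_users WHERE password = 'EXTERNAL')
  LOOP
    -- quote the name: OS-authenticated names carry the prefix (e.g. ops$)
    v_stmt := 'ALTER USER "' || r.username || '" ACCOUNT LOCK';
    IF c_apply THEN
      EXECUTE IMMEDIATE v_stmt;
      DBMS_OUTPUT.PUT_LINE('ran: ' || v_stmt);
    ELSE
      DBMS_OUTPUT.PUT_LINE('would run: ' || v_stmt);
    END IF;
  END LOOP;
END;
/
```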

Maintaining User Accounts

You may need to alter a user account to change the user's password, profile, or perhaps lock a bad guy out of the system. This is facilitated through the ALTER USER command. The ALTER USER command allows you to make the following changes:

• Change a user password

• Change a user's profile

• Change a user's default or temporary tablespace settings

• Alter a user's tablespace quota

• Alter a user's default role

• Expire the user's password, or lock out the account completely

Here are a few examples of using the ALTER USER command:

    ALTER USER todd DEFAULT TABLESPACE ted_data QUOTA unlimited on ted_data;
    ALTER USER badboy PASSWORD EXPIRE;
    ALTER USER eddie PROFILE normal_user;

The DROP USER command is used to remove user accounts from the database:

    DROP USER michael;

The DROP USER command will drop a user without any dependent objects. If there are dependent objects owned by that user, you will need to use the CASCADE clause, which will cause those objects to be dropped along with the user.

    DROP USER michelle CASCADE;

... You don't want to cause other users' objects to become invalid!


Setting Up User Profiles

User profiles allow DBAs to control users by establishing certain rules that user accounts will follow. You can specify allowable resource usage, such as the total number of sessions that a user can have open, as well as password controls, such as when passwords expire.

NOTE Strong passwords and forcing passwords to change often are key security issues. You should enforce a clear password policy.

Creating Profiles

To create a profile, use the CREATE PROFILE command. Once the profile is created, you can assign it to users. Listing 21.3 provides an example of creating a profile.

Listing 21.3: Creating a Profile

    CREATE PROFILE standard_user LIMIT
      SESSIONS_PER_USER          3
      CONNECT_TIME               30
      IDLE_TIME                  5
      LOGICAL_READS_PER_SESSION  2000000
      LOGICAL_READS_PER_CALL     2000
      FAILED_LOGIN_ATTEMPTS      3
      PASSWORD_LIFE_TIME         45
      PASSWORD_GRACE_TIME        5
      PASSWORD_REUSE_TIME        365
      PASSWORD_REUSE_MAX         UNLIMITED
      PASSWORD_LOCK_TIME         1/24;

This example begins with the CREATE PROFILE command, followed by the name of this profile, STANDARD_USER. The keyword LIMIT puts the parameters included in the profile into effect. Most parameters can be set to UNLIMITED to indicate that
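Listing 21.3 sets expiry, reuse and lockout limits but says nothing about what a password must look like; the added example below (not from the book) shows the other half of the password policy the NOTE above calls for, a PASSWORD_VERIFY_FUNCTION attached to a profile. Oracle8i requires the function to be owned by SYS and to take exactly the (username, password, old_password) signature shown; the rules themselves, the function name, the profile name secure_user and the user chris from Listing 21.1 are constructed for this example.

```sql
-- Run as SYS: Oracle8i only accepts verify functions owned by SYS.
CREATE OR REPLACE FUNCTION verify_standard_password
  (username     IN VARCHAR2,
   password     IN VARCHAR2,
   old_password IN VARCHAR2)
  RETURN BOOLEAN
IS
  v_has_digit BOOLEAN := FALSE;
  v_has_alpha BOOLEAN := FALSE;
  v_diff      PLS_INTEGER := 0;
  c           VARCHAR2(1);
BEGIN
  -- 1. Minimum length (constructed rule).
  IF LENGTH(password) < 8 THEN
    RAISE_APPLICATION_ERROR(-20001, 'Password must be at least 8 characters');
  END IF;
  -- 2. Must not contain the username. Passwords are not case sensitive in
  --    Oracle8i, so compare in upper case.
  IF INSTR(UPPER(password), UPPER(username)) > 0 THEN
    RAISE_APPLICATION_ERROR(-20002, 'Password must not contain the username');
  END IF;
  -- 3. Must mix letters and digits.
  FOR i IN 1 .. LENGTH(password) LOOP
    c := SUBSTR(password, i, 1);
    IF c BETWEEN '0' AND '9' THEN
      v_has_digit := TRUE;
    ELSIF UPPER(c) BETWEEN 'A' AND 'Z' THEN
      v_has_alpha := TRUE;
    END IF;
  END LOOP;
  IF NOT (v_has_digit AND v_has_alpha) THEN
    RAISE_APPLICATION_ERROR(-20003, 'Password must contain letters and digits');
  END IF;
  -- 4. Must differ from the previous password in at least 3 positions.
  --    old_password is NULL when a DBA sets the password, so skip then.
  IF old_password IS NOT NULL THEN
    FOR i IN 1 .. GREATEST(LENGTH(password), LENGTH(old_password)) LOOP
      IF NVL(SUBSTR(password, i, 1), ' ')
         <> NVL(SUBSTR(old_password, i, 1), ' ') THEN
        v_diff := v_diff + 1;
      END IF;
    END LOOP;
    IF v_diff < 3 THEN
      RAISE_APPLICATION_ERROR(-20004,
        'Password must differ from the old one in at least 3 positions');
    END IF;
  END IF;
  RETURN TRUE;
END verify_standard_password;
/

-- Attach the function to a profile. Every IDENTIFIED BY for a user with
-- this profile now passes through it, alongside the lockout/expiry limits.
CREATE PROFILE secure_user LIMIT
  FAILED_LOGIN_ATTEMPTS    3
  PASSWORD_LOCK_TIME       1/24
  PASSWORD_LIFE_TIME       45
  PASSWORD_GRACE_TIME      5
  PASSWORD_REUSE_TIME      365
  PASSWORD_REUSE_MAX       UNLIMITED
  PASSWORD_VERIFY_FUNCTION verify_standard_password;

-- Assign it; the next password change for chris is checked by the function.
ALTER USER chris PROFILE secure_user;
```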


Posted: 26/01/2014, 19:20
